> > > If an interrupt occurs right after inserting the urb into ep's list,
> > > this urb can be transferred and given back to the driver before
> > > usb_get_urb is called !
> >
> > Yep, that could do it.
>
> It was. I have no more badness in kref counter. By the way David, can
> this problem happen with sl811 hcd ?

Potentially; the usb_get_urb() and atomic_inc() should be paired with the list_add_tail() -- under spinlock protection -- rather than being done as late as it's now done by hcd_submit_urb(). That's what Alan's patch does.

Similarly, the urb->*_dma fields should be set up before list_add_tail(), at least for urbs not going to the root hub. Of course that won't matter for non-DMA HCDs like sl811.

Root hub urbs could stand a closer look; now that they have a real queue, usbcore shouldn't need to use an hcd->status_urb any more. (Limiting them to single entry queues ...)

The sl811 code should probably refuse to start() urbs it hasn't marked yet (by setting urb->hcpriv) too. There's no point to maintaining a parallel queue for each endpoint, but it should still ignore URBs that haven't yet been set up both by usbcore and by the HCD. And setting hcpriv is what marks the URB as having been set up by that HCD.

- Dave

_______________________________________________
linux-usb-devel@lists.sourceforge.net
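
The ordering problem discussed in this thread, as an added user-space C model (not code from the thread, from usbcore or from Alan's patch). The struct, the function names and the single-step "interrupt" are assumptions made for illustration; the lock is modelled only by where the interrupt is allowed to run.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model only; all names here are hypothetical, not usbcore's. */
struct model_urb {
    int refcount;            /* stands in for the urb's kref */
    bool queued;             /* urb is on the endpoint's list */
    bool freed;              /* refcount reached zero */
    bool use_after_release;  /* a get touched an already released urb */
};

static void model_get(struct model_urb *u) {
    if (u->freed) u->use_after_release = true;
    u->refcount++;
}

/* Completion interrupt: give the urb back and drop the queue's reference. */
static void model_irq_giveback(struct model_urb *u) {
    if (!u->queued) return;
    u->queued = false;
    if (--u->refcount == 0) u->freed = true;
}

/* Problem ordering: list insert first, reference taken later. */
static struct model_urb submit_late_get(bool irq_in_window) {
    struct model_urb u = { .refcount = 1 };  /* submitter's own reference */
    u.queued = true;                         /* list_add_tail(), lock dropped */
    if (irq_in_window) model_irq_giveback(&u);
    model_get(&u);                           /* late usb_get_urb() */
    model_irq_giveback(&u);                  /* no-op if already given back */
    return u;
}

/* Recommended ordering: get and insert together while the lock is held,
 * so the interrupt can only run after both have happened. */
static struct model_urb submit_paired(void) {
    struct model_urb u = { .refcount = 1 };
    model_get(&u);                           /* under the spinlock */
    u.queued = true;                         /* list_add_tail(), same section */
    model_irq_giveback(&u);                  /* earliest point the irq can run */
    return u;
}

int main(void) {
    struct model_urb a = submit_late_get(true), b = submit_paired();
    printf("late get: freed=%d use_after_release=%d\n", a.freed, a.use_after_release);
    printf("paired:   freed=%d refcount=%d\n", b.freed, b.refcount);
    return 0;
}
```

In the late-get case with the interrupt landing in the window, the giveback drops the submitter's only reference, which is the kind of reference-count badness the thread reports.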